I would check for trojans that "call home" over IRC. Your box may be compromised.
There are tools at foundstone.com that will map the executable to the port activity. Also - most current VirsuScan apps will detect the trojans. HTH Paul -----Original Message----- From: Craig Lynch [mailto:clynch@;tams.iit.edu] Sent: Friday, November 01, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: [SonicWALL]- unknown chat source Hello list, I have blocked irc (chat) on my firewall (Sonicwall Pro, 6.3.1 firmware) and when I check the logs I get repeated entries that indicate one of my nt servers is trying to chat with some destination and it is getting blocked. The issue is that the server indicated has no chat facilities installed on it (that I can find) so I am puzzled as to where these chat requests are originating from. Any ideas as to what I should check? TIA Craig Lynch CNA,A+ Teachers Academy for Math and Science 312 949-2528 Visit us on the web at: HTTP://www.tams.org --- [This E-mail scanned for viruses by Declude/F-Prot AV] ================================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ LEGAL NOTICE: Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this e-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately. --- [This E-mail scanned for viruses by Declude/F-Prot AV] ==================================================================================================To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
